vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Only allow users matching the team invite to accept, if the invite was specified for a user (rather than an email)

Browse source
This commit is contained in:
Joseph Schorr 2014-09-12 14:29:01 -04:00
parent c5ca46a14b
commit 10faa7de84
7 changed files with 24 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

10
endpoints/api/team.py
View file

@ -11,10 +11,7 @@ from util.useremails import send_org_invite_email
from util.gravatar import compute_hash
def try_accept_invite(code, user):
try:
(team, inviter) = model.confirm_team_invite(code, user)
except model.DataModelException:
return None
(team, inviter) = model.confirm_team_invite(code, user)
model.delete_matching_notifications(user, 'org_team_invite', code=code)
@ -355,10 +352,7 @@ class TeamMemberInvite(ApiResource):
@require_user_admin
def delete(self, code):
""" Delete an existing member of a team. """
try:
(team, inviter) = model.delete_team_invite(code, get_authenticated_user())
except model.DataModelException:
raise NotFound()
(team, inviter) = model.delete_team_invite(code, get_authenticated_user())
model.delete_matching_notifications(get_authenticated_user(), 'org_team_invite', code=code)